SUMMARY

Our  research  was  concentrated  on  the  following  topics: 

•  Special  Relations  in  Automated  Deduction  (Manna  and  Waldinger  [86]) 

Theorem  provers  have  exhibited  super-human  abilities  in  limited,  obscure  subject  domains 
but  seem  least  competent  in  areas  in  which  human  intuition  is  best  developed.  One  reason  for  this 
is  that  an  axiomatic  formalization  requires  us  to  state  explicitly  facts  that  a  person  dealing  in  a 
familiar subject would consider too obvious to mention; the proof must take each of these facts into
account  explicitly.  A  person  who  is  easily  able  to  construct  an  argument  informally  may  be  too 
swamped  in  detail  to  understand,  let  alone  produce,  the  corresponding  formal  proof.  A  continuing 
effort  in  our  research  is  to  make  formal  theorem  proving  more  closely  resemble  intuitive  reasoning. 
One  case  in  point  is  our  treatment  of  special  relations. 

In most proofs of interest for program synthesis, certain mathematical relations, such as equality
and orderings, present special difficulties. These relations occur frequently in specifications and
in  derivation  of  proofs.  If  their  properties  are  represented  axiomatically,  proofs  become  lengthy, 
difficult  to  understand,  and  even  more  difficult  to  produce  or  discover  automatically.  Axioms  such 
as  transitivity  have  many  consequences,  most  of  which  are  irrelevant  to  the  proof;  including  them 
produces  an  explosion  in  the  search  space. 

For  the  equality  relation,  the  approach  that  was  adopted  early  on  is  to  represent  its  properties 
with rules of inference rather than axioms. In resolution systems, two rules of inference,
paramodulation (Wos and Robinson) and E-resolution (Morris), were introduced. Proofs using these rules
are shorter and clearer, because one application of a rule can replace the application of several
axioms.  More  importantly,  we  may  drop  the  equality  axioms  from  the  clause  set,  thus  eliminating 
their  numerous  consequences  from  the  search  space. 

We have discovered two rules of inference that play a role for an arbitrary relation analogous
to that played by paramodulation and E-resolution for the equality relation. These rules apply to
sentences employing a full set of logical connectives; they need not be in the clause form required
by traditional resolution theorem provers. We intend both these rules to be incorporated into
theorem provers for program synthesis.

Employing the new special-relations rules yields the same benefits for an arbitrary relation
as  using  paramodulation  and  E-resolution  yields  for  equality:  proofs  become  shorter  and  more 
comprehensible  and  the  search  space  becomes  sparser. 

•  Binary-Search  Algorithms  (Manna  and  Waldinger  [85a]) 

Some  of  the  most  efficient  numerical  algorithms  rely  on  a  binary-search  strategy;  according  to 
this  strategy,  the  interval  in  which  the  desired  output  is  sought  is  divided  roughly  in  half  at  each 
iteration. This technique is so useful that some authors (e.g., Dershowitz and Manna, and Smith)
have proposed that a general binary-search paradigm or schema be built into program synthesis
systems  and  then  specialized  as  required  for  particular  applications. 


It  is  certainly  valuable  to  store  such  schemata  if  they  are  of  general  application  and  difficult  to 
discover.  This  approach,  however,  leaves  open  the  question  of  how  schemata  are  discovered  in  the 
first  place.  We  have  found  that  the  concept  of  binary  search  appears  quite  naturally  and  easily  in 
the  derivations  of  some  numerical  programs.  The  concept  arises  as  the  result  of  a  single  resolution 
step, between a goal and itself, using our deductive-synthesis techniques (Manna and Waldinger
[80]).

The  programs  we  have  produced  in  this  way  (e.g.,  real-number  quotient  and  square  root, 
integer  quotient  and  square  root,  and  array  searching)  are  quite  simple  and  reasonably  efficient, 
but  are  bizarre  in  appearance  and  different  from  what  we  would  have  constructed  by  informal 
means.  For  example,  we  have  developed  by  our  synthesis  techniques  the  following  real-number 
square-root program sqrt(r, ε):

sqrt(r, ε)
    if max(r, 1) < ε
    then 0
    else if [sqrt(r, 2ε) + ε]² < r
         then sqrt(r, 2ε) + ε
         else sqrt(r, 2ε).


The program tests if the error tolerance ε is sufficiently large; if so, 0 is a close enough
approximation. Otherwise, the program finds recursively an approximation within 2ε less than the exact
square root of r. It then tries to refine this estimate, increasing it by ε if the exact square root is
large enough and leaving it the same otherwise.

This  program  was  surprising  to  us  in  that  it  doubles  a  number  rather  than  halving  it  as  the 
classical  binary-search  program  does.  Nevertheless,  if  the  repeated  occurrences  of  the  recursive  call 
sqrt(r, 2ε) are combined by common-subexpression elimination, this program is as efficient as the
familiar  one  and  somewhat  simpler. 
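
The effect of that common-subexpression elimination can be checked directly. The following Python sketch is an added example, not code from the report: it transcribes the synthesized program as printed, next to a version that evaluates sqrt(r, 2ε) once per level, and counts the calls each makes. The function names and the call counter are assumptions introduced for the illustration.

```python
def sqrt_naive(r, eps, calls):
    """Literal transcription of the synthesized program.

    calls is a one-element list used as a call counter (illustration only).
    """
    calls[0] += 1
    if max(r, 1) < eps:
        return 0.0                      # tolerance so large that 0 is close enough
    if (sqrt_naive(r, 2 * eps, calls) + eps) ** 2 < r:
        return sqrt_naive(r, 2 * eps, calls) + eps
    return sqrt_naive(r, 2 * eps, calls)


def sqrt_cse(r, eps, calls):
    """Same program with the repeated recursive call computed once."""
    calls[0] += 1
    if max(r, 1) < eps:
        return 0.0
    z = sqrt_cse(r, 2 * eps, calls)     # approximation within 2*eps below the root
    return z + eps if (z + eps) ** 2 < r else z


def compare(r, eps):
    """Run both versions; return (naive result, cse result, naive calls, cse calls)."""
    n_naive, n_cse = [0], [0]
    a = sqrt_naive(r, eps, n_naive)
    b = sqrt_cse(r, eps, n_cse)
    return a, b, n_naive[0], n_cse[0]


if __name__ == "__main__":
    # eps is a power of two so every intermediate value is exact in binary floating point.
    a, b, n_naive, n_cse = compare(2.0, 2.0 ** -10)
    print(f"naive: {a} in {n_naive} calls")
    print(f"cse:   {b} in {n_cse} calls")
```

The tolerance doubles on the way down the recursion and the estimate is refined by ε, 2ε, 4ε, ... on the way back up, so the combined version makes one call per doubling while the literal transcription makes two calls at every level.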

•  A  Theory  of  Plans  (Manna  and  Waldinger  [85b]) 


Problems  in  commonsense  and  robot  planning  were  approached  by  methods  adapted  from 
our  program-synthesis  research;  planning  is  regarded  as  an  application  of  automated  deduction. 
To  support  this  approach,  we  introduced  a  variant  of  situational  logic  (Manna  and  Waldinger 
[81]), called plan theory, in which plans are explicit objects. A machine-oriented deductive-tableau
inference system is adapted to plan theory. Equations and equivalences of the theory are built into
a unification algorithm for the system. Frame axioms are built into the resolution rule.


Special  attention  was  paid  to  the  derivation  of  conditional  and  recursive  plans.  Inductive 
proofs  of  theorems  for  even  the  simplest  planning  problems,  such  as  clearing  a  block,  have  been 
found  to  require  challenging  generalizations. 

•  Deductive Synthesis of Dataflow Networks (Jonsson, Manna, and Waldinger [86])

The synthesis of concurrent programs is much more complicated than the synthesis of
sequential programs. In general, a concurrent program does not have a single input value and a
single  output  value,  but  receives  several  inputs  and  sends  several  outputs  during  its  execution.  If 
we  consider  sequences  of  input  and  output  values,  then  we  can  specify  a  concurrent  program  by 
giving  a  relation  between  the  sequence  of  input  values  and  the  sequence  of  output  values.  This 
specification  method  is  natural  especially  for  networks  of  deterministic  processes  that  communicate 
asynchronously by sending messages over buffered channels. Deterministic dataflow networks fall
into  this  category. 

We  have  developed  a  method  for  the  deductive  synthesis  of  deterministic  dataflow  networks, 
which  are  specified  by  a  relation  between  sequences  of  input  values  and  sequences  of  output  values. 

Our  synthesis  method  consists  of  two  stages.  The  first  stage,  the  deductive-synthesis  stage, 
starts from a specification of the network. Using the deductive-tableau techniques of Manna and
Waldinger  [80],  a  system  of  recursive  equations  is  synthesized.  This  system  can  be  regarded  as 
an  applicative  program  that  satisfies  the  specification  for  the  network,  but  it  does  not  directly 
represent  any  structure  or  parallelism  of  a  network.  In  the  second  stage,  the  system  of  recursive 
equations  is  transformed  into  a  dataflow  network. 

•  The  Tablog  Programming  Language  (Malachi,  Manna,  and  Waldinger  [85],  Malachi  [86]) 

We have developed a new logic-programming language, tablog (Malachi, Manna, and Waldinger
[84]). It is based on quantifier-free first-order logic that includes all the standard logical
connectives, such as equality, negation, and equivalence. Programs are nonclausal: they do not need to
tives,  such  as  equality,  negation,  and  equivalence.  Programs  are  nonclausal:  they  do  not  need  to 
be  in  Horn-clause  form  or  any  other  normal  form.  They  can  compute  either  functions  (as  in  LISP) 
or  relations  (as  in  PROLOG). 

Two  deduction  rules  are  used  for  the  execution  of  programs:  nonclausal  resolution  (which 
corresponds  to  case  analysis)  and  equality  replacement  (which  corresponds  to  replacement  of  equals 
by  equals).  Prolog  programs  are  typically  provided  with  cut  annotations  to  allow  their  efficient 
execution.  Such  annotations  are  not  necessary  in  tablog,  since  implicit  cuts  are  introduced  during 
the  computation.  Lazy  evaluation  provides  an  elegant  way  to  manipulate  infinite  data  structures. 

A  powerful  mechanism  has  been  introduced  supporting  a  hierarchical  structure  for  tablog 
programs  and  permitting  the  reuse  of  code.  A  compiler  for  a  virtual  tablog  machine,  written  in 
tablog itself, is under development. It is expected that tablog programs will be executed as
efficiently as their PROLOG counterparts, despite the additional features available to the
programmer.


•  Temporal  Theorem  Proving  (Abadi  and  Manna  [85],  Abadi  [86]) 


The  concept  of  time  occupies  a  central  place  in  our  understanding  of  computation.  We  often 
analyze  computations  as  phenomena  that  occur  over  time,  both  formally  and  informally.  Direct 
references  to  temporal  notions  can  be  avoided  in  some  arguments  about  certain  classes  of  systems, 
such  as  functional  programs.  However,  processes  that  interact  with  an  environment  or  with  other 
processes are most naturally described in frameworks where time appears as an important explicit
notion. 


When  classical  logic  serves  as  the  framework  to  describe  computations,  time  instants  may  be 
regarded  as  objects  and  represented  as  terms.  An  alternative  is  to  put  the  concept  of  time  at  the 
core  of  a  logic.  The  modal  logics  extend  classical  logic  with  modal  operators  to  denote  adverbs 
such as “necessarily” and “probably”; for a temporal theory of computation, the appropriate modal
operators represent notions like “next,” “always,” and “eventually.” Such a temporal logic may
serve  as  an  elegant  and  practical  framework  to  reason  about  complex  systems  such  as  multiprocess 
programs. 

In  the  last  few  years,  temporal  logic  has  been  applied  in  the  specification,  verification,  and 
synthesis  of  concurrent  systems,  as  well  as  in  the  synthesis  of  robot  plans  and  in  the  verification 
of  hardware  devices. 

Many  important  properties  of  computation  (e.g.,  termination,  deadlock  freedom,  fairness) 
can  be  expressed  directly  and  concisely  in  the  language  of  temporal  logic.  This  accounts  for  the 
convenience of temporal logic as a specification tool. Expressiveness does not always suffice, though.
Some  of  the  applications  we  mentioned  involve  a  considerable  deductive  component.  For  example, 
the  verification  of  a  program  typically  includes  proofs  within  temporal  logic. 

In  our  research,  we  have  developed  a  novel  proof  system  for  temporal  logic.  The  proof  system  is 
based on nonclausal resolution, a classical-logic method, and gives a special treatment to quantifiers
and  modal  operators.  We  have  explored  soundness  and  completeness  issues  for  this  system  and 
other  related  systems.  In  particular,  we  proved  that  a  simple  extension  of  the  resolution  system 
is  as  powerful  as  Peano  Arithmetic.  We  also  showed  how  to  provide  analogous  resolution  systems 
for  other  useful  modal  logics,  such  as  the  modal  logics  of  knowledge  and  belief. 

We  have  applied  our  resolution  system  to  program  verification.  We  have  investigated  the 
possibility that temporal logic would serve as a programming language and that a
temporal-resolution theorem prover would interpret programs in this language.

•  Logic:  The  Calculus  of  Computer  Science 

The research papers in which we have presented the deductive approach to program synthesis
have been addressed to the usual academic readers of the scholarly journals. In an effort to make this
work  accessible  to  a  wider  audience,  including  computer  science  undergraduates  and  programmers, 
we  have  developed  a  more  elementary  treatment  in  the  form  of  a  two-volume  book,  The  Logical 
Basis for Computer Programming, Addison-Wesley (Manna and Waldinger [85c]).

This  book  requires  no  computer  programming  and  no  mathematics  other  than  an  intuitive 
understanding  of  sets,  relations,  functions,  and  numbers;  the  level  of  exposition  is  elementary. 
Nevertheless,  the  text  presents  some  novel  research  results,  including 

•  theories of strings, trees, lists, finite sets and bags, which are particularly well suited to
theorem-proving and program-synthesis applications;

•  formalizations  of  parsing,  infinite  sequences,  expressions,  substitutions,  and  unification; 

•  a  nonclausal  version  of  skolemization; 

•  a  treatment  of  mathematical  induction  in  the  deductive-tableau  framework. 